Reputation: 319
What's [TCP ACKed unseen segment] & etc in Wireshark?
I've transfer a data via SCP and get some messages in picture above (in black color).What relation about these messages (TCP ACKed...,TCP Zerowindow and TCP Prev...). Thank you very much and sorry about language from network newbie.
Upvotes: 1
Views: 10441
Answers (1)
Reputation: 3027
ACK on a TCP packet gives the sequence number the other machine shall use next:
SYN (seq=1) -> received
recived <- SYN, ACK (seq=101, ack=2)
"hi" (seq=2, ack=102) -> received 2 bytes
received <- ACK (seq=102, ack=4)
recived 2 bytes <- "ho" (seq=103, ack=4)
i.e. ACK is sent on every packet to the other machine saying: "The next sequence number i expect from you is this number".
ACKs are never increased if part of data was never seen. Has "hi" not been received in the above example (by network congestion for example) the right side will reject all packets until a packet with seq=2 is received. TCP deals with that internally by repeating the seq=2 packet.
Your wireshark log suggests that some packet was not seen by it. The packet might have goen through the network normally (and probably it did, otherwise it would have been repeated) but wireshark did not capture it. That is a completely possible scenario, in busy networks wireshark often fails to capture every packet.
Upvotes: 2
Related Questions
- Understanding [TCP ACKed unseen segment] [TCP Previous segment not captured]
- Wireshark, wrong TCP ACKed unseen segment message
- How to set the maximum TCP Maximum Segment Size on Linux?
- TCP doesn't ACK every other segment
- Custom TCP Headers / Copying TCP Header from wireshark packet
- Setting TIME_WAIT TCP
- How websockets work in respect to TCP/IP and HTTP?
- Connection loses on data-send. Server receives RST, ACK after handshake